Posted by CmdrTaco on Monday December 17, 2007 @11:20AM
from the go-long-go-long dept.

BobB-NW writes "U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say. Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future."

I also look at the industry as a whole. I don't see any real drive, a critical mass if you will, for getting off of IPv4. My ISP doesn't offer IPv6. My company doesn't use IPv6. It's little wonder that the government is dragging its feet.

IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box, though that doesn't mean that there aren't a few hurdles, including:
- Upgrading routers, firewalls et al. to support IPv6.
- Some application software still not being fully IPv6 ready.
- A large number of sites still don't have IPv6 DNS addresses.

I think the problem, like many government proposals, is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant. For example, is simply having a 6to4 gateway considered IPv6 compliance?

All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant, and what can you tell us about real-world experience?

IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.

This has not been my experience with it. IPv6 is way more complex and poorly understood than IPv4 and as a result it is a lot more likely to have an unexpected security hole when set up by actual human beings than IPv4.

You would be surprised how many applications don't support IPv6. And how hard it would be to upgrade these applications. Most organizations, government or private, are filled with tons of custom software which was developed many years ago. Many of the applications are an everyday part of doing business. A large percentage of these applications probably don't even have source code available to the company, and if they do, the people who originally worked on it have long since moved on. It may just be a simple matter of upgrading a library, and hoping that nothing breaks, but even searching through the code to find the stuff that needs to be fixed would take many man hours.

Desktops are only the start. Your servers need it (no ipv6 AD support). No ipv6 network printer support. No ipv6 VOIP support. Poor to nonexistent ipv6 router support, and of those that do most of them don't support firewalling it. Poor to nonexistent connectivity. Try asking the average ISP for an ipv6 address and they'll just look at you funny. It's not just consumer ISPs either - this business park I'm in at the moment has *no idea* what ipv6 is and has no timescale to look at it either.

Then there's the bits and pieces... Does Blackberry support ipv6? I know iphone doesn't, and Symbian's implementation is broken (relies on a dhcpv6 server and even then seems to need some kind of proprietary extension to that).

plenty of unused space can be reclaimed from horribly overbooked holders

The last of the freely available /8s will be allocated from IANA/ICANN to the RIRs in May 2010. It will take approximately 9-15 months for those freely available addresses to be allocated to end users. After that point, all new allocations will come from reclaimed space.

If all the unused/unannounced/reserved /8 blocks were to be reclaimed without any difficulties, like lawsuits, it would extend the allocation pool by a maximum of 23 months.

The uneducated people on /. really need to look at the numbers [potaroo.net]. There isn't decades' worth of IPv4 out there, there are 2 to 3 years, at which point there will be longer and longer delays to get on the old IPv4 internet.

All the RIRs changed their IPv6 policies recently, and its growth has really taken off.

The obesity "epidemic" hit in the early 80s. Interestingly enough fructose was massively introduced into the US food supply in the early 80s. As it has been introduced into other countries obesity has taken off there too. Could be a coincidence but the evidence is pretty damning.

Try to cut fructose out of your diet. It is almost impossible. Soda has fructose (in the US) but everyone knows that... Bread has fructose in it. (Huh?) Not only does ketchup have it but mustard has fructose in it. (Why?!!!) Look for "High Fructose Corn Syrup" or sometimes just "Corn Syrup". You will be amazed at how much of your diet has these ingredients.

Research is showing that fructose short circuits the body's normal hunger response. Where it would normally say, "That's enough" it instead makes you continue to be hungry. No one can say that the food manufacturers knowingly did this but if you were a large company that is only worried about your stock value and you could add a completely legal and unregulated ingredient that makes things sweeter while ensuring that people stayed hungry while they were stuffing their pie holes, would you do it?
Hmmmm...

Yes, the IPv6 space is bigger than it could have been - some people thought that 64 bits would be enough, some wanted 80, some wanted 160. But the transition is enough of a pain that it's worth only doing it once, and 128 bits isn't that much more trouble than 64. Also, it's turning out that having more bits of network side will simplify a lot of potential network applications.

There isn't a lot of hoarded Class B space out there - if anything, most of the hoarding is at the /24 level, by companies that need a /24 for dual-carrier routing reasons, but would otherwise need only a /29 or so to handle the external side of their firewalls.

IPv6 had a lot of optimistic goals, some of which (like security and autoconfiguration) have been achieved in other ways (like IPSEC and DHCP), and others (like hierarchical simplification of routing structures) don't look like they'll really happen. But the IPv4 space is going to run out, and we're not going to be able to squeeze much past 2012 - especially if a billion people want data on their cellphones, or if the Chinese economy adds a couple hundred million broadband users, which won't take long, or a couple million businesses, which won't take long either.

The IPv6 address space is very rationally designed, and yes, managing it does take work - but it's big enough that there's room to experiment, unlike IPv4 which ran out of slack well over a decade ago.

Hope you all don't think this just applies to computer networks. I am the avionics lead for a military aircraft and I have to periodically explain what we are doing (very little) to make the aircraft internal busses and avionics IPv6 compliant. Since our plane isn't connected to a live network there is little need for us to be IPv6 compliant now. But DoD policy is that everything eventually be IPv6 compliant. And the civil aviation world is talking about making their data links IPv6 based, too. Huge headache for us if we are ever directed to do this. I know some platforms are facing some big problems and bills - imagine re-writing the OFP to handle IPv6 addressing. Fortunately because we do not have an active military data link on our busses we are somewhat exempt for now.

And if you want another "great" idea, try this: I was just tasked to explain what we are doing to implement PKI on our aircraft (again, very little). Some things just don't make sense now, and having PKI to logon or use a tactical aircraft doesn't make sense. I can see it now, "Sorry, I can't do the mission today. The hardware reader for the PKI isn't working or I forgot/misentered my password." Someday the hardware/software will be reliable enough for tactical systems but it ain't there yet. And let's not go down the biometrics path either.

Writing as AC since it's been so long since I actually submitted anything that I have forgotten all account info.

Current allocation rate of IPv4 addresses worldwide is the equivalent of one /8 every 4.5 weeks, and accelerating. Last year the rate was one /8 every 5.5 to 6 weeks. Calculations of May 2010 are assuming that the rate doesn't accelerate any more.

When I said ALL big blocks being reclaimed into the available pool, that included all the remaining /8 allocations, including HP's 2x /8, MIT's /8, and all the others. Even with reclaiming all those /8s, it will extend the pool by 23 months at most.

The block allocated for Amateur radio operations was reclaimed a couple years ago, as well as the ones for Interop and other early networking groups. Those allocations are either already gone or back in the free pool.

HP has already announced plans to rent their addresses to customers who buy their big servers with a maintenance/service plan, and put the servers in partner data centres. So, in a few years, all those companies who want to get on the internet and can't wait a year or more for their allocation request to be fulfilled, they can throw a lot of money at HP and be up and running much faster. At least, that's what HP is counting on. If you think HP is going to willingly return any of their allocations when they can make US$10/month per IP address, you must be smoking some strong belly lint.

That's the biggest complaint I've had recently with Cisco for IPv6 rollouts. They refuse to put IPv6 into their base image, on the assumption that if your networking needs include more advanced protocols, then you are a carrier and should be paying for IPservices or IPkitchensink images. It's one of the biggest roadblocks on IPv6 rollout in the world. They've been shamed at technical conferences, their customers are abandoning them in droves for shit like this, and they have their heads so far up their asses they can't even respond.

I doubt a tiny post 6 levels deep on a techie website will make any difference, but since I haven't even talked to a Cisco rep in over a year, it's the only channel I have to give them feedback. Juniper and Foundry now have IPv6 as a basic service on all their recent hardware, and since IPv6 is just a command away from activation, all the ISPs who are moving away from Cisco are discovering how much more painless networking becomes with non-Cisco kit.